From bfe35227d3260bead85bb70ce10f58a02d1a9d6d Mon Sep 17 00:00:00 2001
From: wpmuguru <wpmuguru@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Tue, 9 Mar 2010 17:06:58 +0000
Subject: [PATCH] block invalid site names/urls in add site, see #11777

git-svn-id: http://svn.automattic.com/wordpress/trunk@13630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/ms-edit.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php
index 8f19e707a0..0a8e503215 100644
--- a/wp-admin/ms-edit.php
+++ b/wp-admin/ms-edit.php
@@ -135,14 +135,18 @@ switch ( $_GET['action'] ) {
 		if ( is_array( $_POST[ 'blog' ] ) == false )
 			wp_die( "Can't create an empty site." );
 		$blog = $_POST['blog'];
-		$domain = sanitize_user( str_replace( '/', '', $blog[ 'domain' ] ) );
+		$domain = '';
+		if ( ! preg_match( '/(--)/', $blog[ 'domain' ] ) && preg_match( '|^([a-zA-Z0-9-])+$|', $blog[ 'domain' ] ) )
+			$domain = strtolower( $blog[ 'domain' ] );
 		$email = sanitize_email( $blog[ 'email' ] );
 		$title = $blog[ 'title' ];
 
-		if ( empty($domain) || empty($email) )
-			wp_die( __('Missing site address or email address.') );
+		if ( empty( $domain ) )
+			wp_die( __( 'Missing or invalid site address.' ) );
+		if ( empty( $email ) )
+			wp_die( __( 'Missing email address.' ) );
 		if ( !is_email( $email ) )
-			wp_die( __('Invalid email address') );
+			wp_die( __( 'Invalid email address' ) );
 
 		if ( is_subdomain_install() ) {
 			$newdomain = $domain.".".$current_site->domain;